BLAKE W. MOBLEY AND CARL ANTHONY WEGE


Evading Secret Police: 
Counterintelligence Vulnerabilities in 
Authoritarian States 


Abstract: The authoritarian impulse has characterized human governance 
through most of recorded history, and popular resistance to the same has 
waxed and waned with the intellectual currents and conditions of the day. 
There is little in the open literature, however, that considers the common 
counterintelligence vulnerabilities of contemporary authoritarian states. 
Growing out of the traditional authoritarianisms, our century is seeing the 
emergence of a modern authoritarianism characterized by technology-infused 
surveillance states whose new vulnerabilities are now emerging. 

The human story is a history of autocracy and subjugated peoples’ responses
to the authoritarian impulse. Academics have defined a wide variety of 
authoritarianisms from monarchies to military juntas and one-party states 
with differing governing styles but ultimately authoritarianisms still comport 
with Aristotle’s understanding of the corrupt rule of the few described in The 
Politics so long ago. 

In our view, authoritarian regimes are best understood as existing on a 
spectrum manifesting greater or lesser degrees of autocratic control over 
governance. Most importantly, authoritarian regimes actively suppress and 
monitor a large portion of their populations—including their very own secret 
police—generating a steady stream of dissent and a high counterintelligence 
collection burden. In the twenty-first century the well-trod paths used by
authoritarian regime internal security services (AISS) to prop up various
sorts of despotisms are threatened by cascading technological advancement
creating new sets of counterintelligence vulnerabilities. The digitizing of the
communications and surveillance infrastructure presents many authoritarian 
regimes with a need to adapt traditional security ecosystems to environments 
where the levers of authoritarian control are less developed. The gatekeepers 
to this cyberenvironment are often forced to rely on personnel whose 
technical adroitness is inversely related to their political reliability. This 
creates a counterintelligence problem set for which countermeasures, 
particularly in less developed states, remain beyond the state of their craft. 

The principle that institutions are only as good as their people is most 
directly manifested in less developed AISS where, in addition to the selection 
process, the training regimen of AISS is a determinative metric in workforce 
quality. Intelligence organizations with an established history and
institutional memory have a substantial advantage over authoritarian regimes 
whose security services are a mixture of personnel and institutional remnants 
from prior regimes, nepotist placements, and ideologues. While a framework 
of traditional tradecraft techniques can be programed into any training 
regimen in the less developed world, the fine granularity of institutional 
experience cannot. And it is the small things in tradecraft that matter.¹ The
counterintelligence vulnerability resulting from this training deficit is that the 
tradecraft of authoritarian regime intelligence officers is generally only 
sufficient for operations if they are not under scrutiny by a major power 
intelligence service. 


AISS CHARACTERISTICS AND PATHOLOGIES 


Authoritarian regimes by definition commonly control, minimize, or manage 
any process, electoral or otherwise, that would result in their removal from 
power. The balance from the perspective of the authoritarian regime is to 
preclude these security entities from becoming independent power centers 
capable of threatening the authoritarian regime while simultaneously keeping
them in competitive relationships with each other. Essentially this is a 
blending of mission where competing AISS have different responsibilities but 
are dependent on one another to carry them out. 

The management of intelligence and internal security bureaucracies in 
many authoritarian regimes is still based on administrative structures 
developed during the middle decades of the twentieth century.² This
approach has its own consequences, as these AISS tend to share certain
pathologies that simultaneously create common counterintelligence
vulnerabilities. AISS are constantly in the unenviable position of creating
intelligence products whose veneer reflects the often-fanciful worldview of the
regime and validating their ideological precepts and conspiratorial
convolutions while at the same time effectively communicating genuine 
threats in a way that comports with a view of events that the regime will 
accept. It is not as simple as just telling the regime what it wants to hear, as 
that will do nothing but blind the regime to genuine enemies that would 
overthrow it, along with the internal security services personnel whose 
privileged social position depends on the regime’s survival. The needle the 
AISS must thread is to say what the regime needs to hear in a way they are 
willing to hear it. A failure to effectively do this produces a crippling effect 
on decisionmaking. Historian George Kennan referred to this phenomenon 
as the “treacherous curtain of deference”—a bubble that many powerful
leaders’ staffs construct to shield their leader from painful realities.³ For
example, Serbian dictator Slobodan Milosevic and his secret police fell victim 
to this autocratic pathology when confronting—and failing to confront—the 
origins of the student protest movement that led to his downfall. Milosevic 
and his Serbian State Security Agency were so convinced that the Central 
Intelligence Agency (CIA) was animating the entire movement that they 
wasted precious resources looking for CIA-backed elements of the 
revolution, which they assumed were headquartered in Washington, DC, 
according to the secret police files recovered after the regime collapsed.⁴ The
leader of the Serbian student movement, Srdja Popovic, summarized
Milosevic’s psychological blunder: 


Basic evidence-gathering and snooping would have been enough to 
convince the secret services about the extent of our operation. But 
empirical research is useless when the leader has a paranoid,
conspiratorial worldview and directs his secret services to produce 
“evidence” that fits his warped reality. Milosevic had been misled by 
his own propaganda. This confirmation bias could be the most 
dangerous part of the conspiracy narrative.⁵

The AISS’ own pathologies include the fact that internal security service
personnel have themselves typically been socialized into the regime worldview 
since childhood. Commonly, authoritarian regimes attempt to build social 
unity by emphasizing the magnitude of foreign and domestic threats facing 
the regime. AISS personnel reflecting this earlier socialization, then in their 
professional capacity, are predisposed to overestimate the threats to the 
regime—for example, the Israeli Mossad or American CIA are ten feet tall 
and ascribed superhuman powers of influence and manipulation that simply 
do not exist. AISS personnel may also be predisposed to underestimate 
threats when this socialized bias clouds their thinking. Autocrats like Joseph 
Stalin and Saddam Hussein both underestimated intelligence threats from 
ethnic minorities, even granting them senior regime positions, presuming 
their minority status mitigated any threat they could pose to the regime. That 
presumption was incorrect. For example, the Christians dominated the 
workforces of Saddam’s palaces, but because they conversed in Chaldean and 
Assyrian, they presented challenges to Iraq’s internal security services 
attempting to monitor them.⁶

Additionally, AISS bureaucracies, to a certain extent like all bureaucracies, 
are institutionally configured to reward intelligence products that substantiate 
the regime worldview and to challenge products that confront that 
worldview. In authoritarian regimes, to a greater extent than in Republican 
governments, misreporting configured to reflect the regime worldview is 
rewarded or at least accepted with less contention. Furthermore, the AISS’ 
administrative practices may frequently incorporate perverse incentives that 
promote paranoid thinking within the organization. Officers championing the 
regime’s worldview and biases will tend to be promoted and their closest 
colleagues will likely hold similar biases, further ingraining these biases within 
the AISS. Telling Tehran that adverse events are the result of conspiracies by 
the Jews or the Baha’i is better received than contending that adverse events
are the result of domestic corruption. One common example of this bias 
among AISS is a pervasive distrust of anyone with links outside of the 
country—businesspeople, students, professors, and anyone with close family 
members abroad. The Egyptian dictator Hosni Mubarak and his internal 
security services, for example, were notoriously xenophobic and diverted 
resources from national security missions to monitor and harass Egyptians 
with ties to foreigners, in particular Israeli and U.S. persons, according to 
human rights groups, activists, and journalists covering the 
Mubarak regime.⁷

In some cases, the regime’s worldview is highly paranoid and conspiracy 
theory-oriented. This is often the result of the circumstances by which the 
regime came to power or by which it maintains power—for example, regimes 
that began their rise to supremacy as a secret organization will tend to 
maintain that paranoia and secrecy in perpetuity. Saddam’s Ba’ath party
suffered this fate long after it was a large, established political party—
elements of the Iraqi intelligence services monitoring Ba’ath party members
as intensively as they monitored foreign intelligence services and Iraqi
dissidents living abroad.⁸ The regime and its AISS may also suffer from
decisionmaking skewed by religious or superstitious thinking. Popular
superstitions are a social pathology that is very difficult to control. A RAND
study completed shortly after World War II indicated that although no
systematic propaganda efforts during the war exploited superstitions,⁹
preliminary assessments indicated that superstitious thinking was not
uncommon among the top leadership on all sides—astrology being notably
common—although most common among less-educated and rural
populations. Evidence of national leaders under the spell of superstitious
thinking also is common in the modern era. Saddam and his trusted advisor
‘Izzat al-Duri, for example, believed in the supernatural talents of dervishes
and the power of magic.¹⁰ There seems to be an arithmetical relationship
between wartime stress on individuals and the individual appeal of
superstition and the supernatural. The more dire the situation, the greater the
likelihood of grasping at supernatural straws. Assessing the potential of
exploiting superstition for intelligence purposes, the RAND study concludes
by suggesting the superstitions used to appeal to specific audiences must be
carefully selected; the superstitious appeal must be timed to take advantage
of social conditions, such as economic or military deprivation, and the appeal
must be communicated to the target audience in a way congruent with the
objective of the counterintelligence operation.¹¹

Summarizing these pathologies, Table 1 details several AISS characteristics
and tendencies and their possible counterintelligence vulnerabilities.
Counterintelligence vulnerabilities are defined as a security service’s
susceptibility to having its intelligence operations compromised, weakened, or 
derailed. In practice, these “tendencies” can act as specific data points along 
a spectrum of authoritarian regime counterintelligence vulnerabilities 
common to most authoritarian regimes. 

The ability to exploit these counterintelligence vulnerabilities could be 
collated with a series of metrics applicable to a range of activities, from the 
clandestine acts and programs of regime-opposing foreign intelligence 
services to the ability of local political dissidents to utilize the vulnerability 
for domestic political gain. Table 2 offers a handful of examples of 
counterintelligence collection priorities for resistance movements or foreign 
intelligence organizations. 

Table 1. AISS Characteristics, Tendencies, and Counterintelligence Implications

Tendency 1: AISS intelligence assessments and operations will be manipulated
to be palatable to the regime, out of fealty and fear.ᵃ
  Implications of the Characteristics and Tendencies: AISS struggle to deliver
  accurate, timely intelligence when it conflicts with the regime’s desires.
  The regime will tend to hear “safe” analytical conclusions, even when the
  intelligence picture is changing rapidly.
  Resulting Counterintelligence Vulnerabilities: Resistance groups may benefit
  from an AISS bureaucracy that is slow to change in the face of emerging
  intelligence threats (e.g., a regime that is unfamiliar with or initially
  unimpressed by a student-led resistance movement may devote fewer resources
  to monitoring and penetrating a growing resistance movement).

Tendency 2: AISS will tend to overestimate traditional threats and
underestimate emerging threats.
  Implications of the Characteristics and Tendencies: AISS analysis will
  misjudge and misfire on traditional, long-expected threats and on emerging,
  unexpected threats.
  Resulting Counterintelligence Vulnerabilities: While the AISS is bogged down
  in harassing well-established adversaries, emerging resistance groups may
  not be taken seriously, particularly if they are keeping their distance from
  traditional AISS adversaries and targets.

Tendency 3: Leaders of the AISS will tend to be apologists and crusaders for
the regime's platform and propaganda and carriers of its prejudices and biases.
  Implications of the Characteristics and Tendencies: AISS leaders will have a
  hefty dose of confirmation bias, adhering to the regime’s beliefs about
  their political environment (e.g., “women cannot lead a rebellion” or “the
  clergy will always support the regime”). AISS officers may be at risk of
  believing their own propaganda, disinformation, and conspiracies.
  Resulting Counterintelligence Vulnerabilities: Resistance groups may benefit
  from these biases by using them to outsmart the AISS tactically (e.g., using
  women and clergy to aid the rebellion). Groups may also benefit from
  predicting the regime’s key intelligence targets as they are telegraphed in
  the regime's conspiracies and propaganda.

Tendency 4: Regimes worried about internal coups more than popular revolt will
tend to create multiple, competing internal security services to prevent any
one AISS from becoming too powerful.
  Implications of the Characteristics and Tendencies: Fragmented and competing
  internal security services will share less intelligence with each other,
  reduce operational cooperation, distrust one another, and may even divert
  resources to spy on each other.
  Resulting Counterintelligence Vulnerabilities: Resistance groups may benefit
  from the fragmentation of internal security services if they can enhance the
  distrust among the services and perhaps work on behalf of one service to
  disrupt another. Rivalries among services may become so heated that
  resistance groups may be able to recruit disgruntled employees of competing
  services as resistance sympathizers.

Tendency 5: AISS will tend to echo the generalized paranoia of their
authoritarian leaders, spurred by suspicions of disloyalty within their ranks
and the prospect of popular violent revolt.
  Implications of the Characteristics and Tendencies: Pervasive paranoid
  thinking within the AISS will lead to intelligence miscalculations and
  internal dissent and demoralization within the AISS ranks.
  Resulting Counterintelligence Vulnerabilities: Resistance groups may benefit
  from assessing what the AISS is most paranoid about (e.g., a foreign
  penetration of their counterintelligence staff) to then produce an
  intelligence channel into the service that fuels that paranoia and
  suspicion. Even going through the motions of “case officer”/spy-handling
  work might be enough to raise some paranoid suspicions. Double agentry
  “lite,” however precarious, may be ideal for planting suspicions with the
  AISS ranks under the right circumstances.

Tendency 6: AISS will tend to rely on the regime’s weaker and poorly resourced
external, overseas intelligence services to monitor and harass domestic
antiregime activists and opponents overseas.
  Implications of the Characteristics and Tendencies: The AISS will make
  decisions based on incomplete and inaccurate intelligence about its key
  antiregime targets overseas, which will drive their domestic intelligence
  and counterintelligence agenda and operations.
  Resulting Counterintelligence Vulnerabilities: Resistance groups may find
  that resistance personnel targeted overseas by the regime for monitoring may
  play an outsized role in shaping and manipulating how the AISS analyzes
  domestic intelligence targets and counterintelligence threats. Double
  agentry, targeting the AISS for example, may be safer and easier to pursue
  in overseas environments.

Tendency 7: As with the rest of the regime, power within the AISS is highly
concentrated.ᵇ
  Implications of the Characteristics and Tendencies: An extreme concentration
  of power within the AISS will lead to bottlenecks and repetition of habitual
  mistakes from a small leadership group.
  Resulting Counterintelligence Vulnerabilities: Resistance groups may benefit
  from the AISS’ slow adjustment periods and from the mindset that the AISS is
  not ten feet tall, makes mistakes, and can be disrupted.

ᵃ Gene Sharp, From Dictatorship to Democracy: A Conceptual Framework for
Liberation (New York: The New Press, 2002), pp. 39-40.
ᵇ Ibid., p. 40.
ᶜ Srdja Popovic, Blueprint for Revolution (New York: Spiegel & Grau, 2015),
pp. 97-123.

It is important to note that these same AISS characteristics offer their
regime intelligence and counterintelligence advantages over its adversaries.
First, when an authoritarian regime holds onto power for years it can
implement the long-term intelligence policies and plans that might be difficult 
to sustain were leadership objectives to change every few years. For example, 
in the early 1970s, Directorate “T” within the First Chief Directorate of the
old Committee for State Security (KGB) and their “Line X” were tasked,
along with elements of the Main Intelligence Directorate, with long-term
scientific collection efforts targeting developed Western economies to support
the sagging Soviet economy with stolen technologies. This long-term effort
was reasonably successful. It was a decade before the United States became
aware of the scale of the Soviet effort and began to engage countermeasures.¹²
Of course, there are downsides to this advantage. Bad policies and plans may 
persist without review and revision. Long-term intelligence penetrations may 
survive longer in a system where leadership and staff turnovers are less 
frequent. On balance, the ability to implement uninterrupted, long-term 
intelligence plans almost certainly outweighs these downsides. 

Table 2. Counterintelligence Collection Requirements List and Operational Adjustments

1. Counterintelligence Requirement: What are the regime's and AISS’
   traditional threats? Who are they harassing, arresting, detaining most
   often?
   Examples of Operational Adjustments: Avoid fraternizing with people who are
   likely the subject of the AISS’ traditional threat reporting unless the
   purpose is to draw someone to the AISS’ attention.

2. Counterintelligence Requirement: What do the regime and the AISS not
   consider a threat? What are the most common prejudices, stereotype
   thinking, and biases among the elite of the regime and the AISS?
   Examples of Operational Adjustments: Consider tapping into these resources
   when counterintelligence demands are high. Use this information to design
   and adjust operations.

3. Counterintelligence Requirement: Are there multiple AISS in the country?
   Can you tell them apart? Do they have different missions and target sets?
   Examples of Operational Adjustments: Map out the AISS geographical and
   topical jurisdictions as well as any rivalries between the AISS. Take these
   under consideration during operational planning.

4. Counterintelligence Requirement: What are the regime and the AISS most
   paranoid about? Foreign power intervention? Foreign material support to a
   growing resistance? Dissent within the military and police ranks?
   Examples of Operational Adjustments: Recognize that issue-specific
   paranoia, such as the fear of foreign intervention, will likely permeate
   their analysis of any development, regardless of its applicability. Adjust
   accordingly by dampening or fueling paranoia depending on the operational
   need.

5. Counterintelligence Requirement: Where are the resistance diasporas outside
   of the country? Where is the resistance leadership based? Where has the
   regime focused its energy on monitoring or harassing political dissidents
   abroad?
   Examples of Operational Adjustments: The regime will target these diasporas
   overseas, but may do it ineptly. Cautiously consider using this overseas
   arena to level the playing field in the intelligence and
   counterintelligence struggle.

Second, an authoritarian regime will free its security services from legal
hurdles as it pursues intelligence investigations, detains suspects, operates
secret prisons, wiretaps government personnel, and keeps its operational
objectives and methods hidden from oversight. The speed and scope of AISS
intelligence and counterintelligence operations can be unmatched. The East
German Stasi, for example, employed an astronomical 102,000 officers to 
monitor only 17 million people—by comparison, the Nazi Gestapo employed 
40,000 officials to control a country of 80 million.¹³ It is estimated that the
Stasi collected intelligence from 500,000 informants and Stasi officers “knew
no limits and had no shame when it came to protecting the party and
the state.”¹⁴

One can get a feel for this by looking at some of the original Stasi 
documentation in translation where the paperwork involved in even 
“unofficial informants” for the German Democratic Republic (GDR) 
demonstrates a rather extensive recruitment process. In one example, it 
included not just the typical personal history and information but also the 
person’s entire social network to include listing of friends, family, coworkers, 
and classmates, as well as travel and evaluations by teachers. A series of 
tiered security checks were then incorporated into the documentation 
attesting to a clean security screen. The individual candidate in the examined 
document ultimately is not accepted, with an adjudication that the candidate 
was unsuitable as an informant. However, the documents demonstrate how 
the process was quite bureaucratized and regularized.¹⁵

Third, authoritarian regimes that rely on violent, repressive tactics will 
likely force potential intelligence defectors and spies to think twice before 
betraying the regime. One obvious drawback of this advantage is that violent 
reactions to perceived disloyalty among high-ranking officers may result in 
abundant frustration among officers and may hasten defection. Adversary 
services can exploit this opportunity by providing secure means to
accomplish such defection and support regime defectors. 


AUTHORITARIAN OUTLIERS 


Like all styles of governing, authoritarian regimes exist on a spectrum and 
the taxonomies used by scholars to categorize authoritarian rule into such 
things as one-party states and military governments are reasonably logical. 
The particular counterintelligence vulnerabilities will also logically vary with 
regime type. Authoritarian outliers, however, exhibit additional political and 
organizational peculiarities that interact with and modify their
counterintelligence vulnerabilities. 

In the decades following the death of Mao, for example, China initially 
retreated from the totalitarian model and began governing in a more 
authoritarian manner as a device to promote economic development. 
However, China is again moving in a more totalitarian, and perhaps an 
ahistorical imperial, direction under Xi Jinping who now claims the titles of 
both the general secretary of the Chinese Communist Party (CCP) and the 
president of China. That imperial temptation can be anchored in the 
ambition of the CCP. Chinese dissidents recently exposed the names of 
roughly two million Chinese citizens employed across the world’s entire 
panoply of leading commercial companies across the globe that are covertly 
members of the CCP. While these persons would not necessarily be involved 
in espionage, the covert nature of their membership in the CCP would 
indicate an unswerving loyalty to Beijing that the Ministry of State Security 
(or Guoanbu) can exploit.¹⁶ What truly sets China apart as an authoritarian
outlier is technology-infused, innovative social controls. The one-party 
Chinese state is pioneering a social credit system ultimately destined to be 
adopted by many states as it calibrates the level of trust the internal security 
services may place in a given citizen. This allows for the conservation of 
internal security assets that can then target higher-risk citizens. In a country 
with a billion people, the calibration and targeting offered by the social credit 
idea rationalizes resource allocation by the internal security services in a way 
that furthers the interests of the state. While elements of the social credit idea 
are found in many societies (financial credit scores for instance), China is 
taking this idea several steps further. While the national model is not
complete, the functional components of it are being pilot tested by regional
and local governments across the country. The ultimate ambition is to build
real-time monitoring of corporate and individual behavior across the society,
leading to what the Chinese call a high trust society.¹⁷

These social credit scores are a tool that has the potential to marginalize 
and disaggregate any coalescing source of popular resistance to the regime. 
For example, the social credit system will particularly target Uighurs and 
Falun Gong (also called Falun Dafa). As a kind of resistance to Chinese
authority, religion is the driver in both instances, but with the Uighurs, in
addition to the CCP competing for fidelity with Islam, the Uighurs’
traditional lands happen to be in the path of the Westward expansion of
China’s One Belt One Road system. To address both threats, China has built
a vast system of concentration camps engaging in re-education coupled with 
the transfer of Han Chinese peoples to traditional Uighur lands. The Falun 
Gong represent a more insidious problem. Falun Gong could potentially be 
attractive to significant numbers of Chinese, as it blends a variety of Buddhist 
and Taoist beliefs and practices along with an organization independent of 
the state and CCP. Falun Gong’s promotion of personal morality and virtue 
combined with its independent organization—now more or less 
headquartered in the United States¹⁸—makes Falun Gong a threat to the
authority of the CCP. Under Xi the CCP will neither share authority nor
tolerate competing worldviews. The social credit system as it develops will
penalize status as a Uighur or member or sympathizer of Falun Gong with 
the objective of marginalizing and ultimately eliminating any such 
identification. 

China’s counterintelligence vulnerabilities as an outlier, then, may be 
twofold. First, Chinese citizens abroad now known to have maintained 
covert membership in the CCP are targets for assessment and development 
by intelligence services from among China’s competitors. Second, in the 
incorporation of lands and peoples into the One Belt One Road system, 
persons who are less vetted but have entrée into the economic system and 
massive supply chains for Chinese surveillance technologies present offensive 
counterintelligence opportunities to adversary intelligence services targeting 
China and its supply chains.¹⁹

On the other side of the world, Belarus has outlier status as a result 
of geographic placement along what Samuel Huntington described as the 
“fault line” between European and Eurasian civilization leading to the 
position of Belarus as a state rather than a culturally developed nation. 
Having been ruled as part of the Grand Duchy of Lithuania, and later
Poland, before being absorbed into the Soviet Union in 1919, neither the 
people nor the geographic place have a common cultural narrative 
socialized into each succeeding generation. While boasting of some of the 
trappings of political pluralism, including more than a dozen political 
parties and hundreds of official nongovernmental organizations, in 
practice Alexander Lukashenko has ruled as an authoritarian Bat’ka 
(father) since 1994. Concentrating power ever more into his own hands, 
Lukashenko has attempted to recreate a Soviet-style command economy 
anchored in a social bargain exchanging state benefits in return for 
political loyalty. State-sponsored organizations, such as the Republican 
Union for Youth, afford their members preferential access to various
government and economic benefits.²⁰

Without a developed cultural narrative, Lukashenko presented himself as a 
populist supporting the “people,” alluding to the main historic cleavage 
between social (rather than national) elites who tended to speak Polish and 
be Roman Catholic and the common Russian-speaking and Russian
Orthodox population. Beyond his minimal populist persona, however,
Lukashenko presents himself as neither a Messiah nor an ideolog.
Authoritarian Belarus is an outlier in part because of what we call a 
minimalist authoritarianism. Neither Lukashenko nor his opponents are 
driven by passion for either democracy or authoritarian grandiosity; rather, 
the authoritarian social conflict is an emotionally sterile dispute over 
governing arrangements. 

Lukashenko’s internal security services are a key pillar of his regime.²¹ The
Belarusian KGB’s primary targets are those who threaten the stability of 
Lukashenko’s rule. Lukashenko is simply in the business of staying in power. 
For example, the head of the KGB was heard in a leaked audio file from 
2012, which surfaced in January 2021, discussing operations, which came as 
the direct order from Lukashenko, to assassinate Belarusian dissidents in 
Germany and an antiregime journalist in Ukraine.²² Lukashenko’s KGB also
aggressively recruits activists, opposition figures, and students that might help 
infiltrate antiregime groups. Monitoring, controlling, and suppressing civic 
activism occupies a significant mindshare and operational burden for 
the KGB.²³

Significantly, former high-ranking Belarusian commander and defector, 
Igor Makar, alleges that the KGB does not recruit top talent to its ranks, but 
rather relies on less well-educated but more loyal officers.²⁴ In an interesting
parallel, a study of Argentina’s internal security services under the Pinochet 
regime showed that the secret police attracted low-achieving officers who had 
been “stuck within the regime hierarchy threatened with discharge, and [were] 
thus more likely to join the secret police” to maintain their government jobs 
and political status.²⁵ Authoritarian regimes that prefer intelligence officers of
lesser ability have expectations of greater loyalty anchored in the knowledge 
that the officer understands their employment and social status is built on a 
foundation of loyalty. Adversarial intelligence services can then exploit 
regime intelligence and security officers’ implicit knowledge of their own 
inferior abilities by accentuating rivalries with peer associates in the armed 
forces or equivalent organizations. Exploiting and accentuating the 
authoritarian regime intelligence officer’s consciousness of their own inferior 
skill sets can then frame motivation for defectors among peer associates. For 
the lesser number of genuinely talented AISS officers, this accentuates the 
ability of adversary intelligence services to exploit ego as a recruitment 
motivation—in this instance the officers targeted for development frankly are 
smarter and more deserving of recognition than their less-talented comrades. 
The objective of the adversary intelligence service becomes one of providing 
secure opportunities and paths for successful defection. Serbian activist Srdja 
Popovic argues that repressive regimes, on balance, benefit from a poor 
educational infrastructure as their best and brightest—who are also most 
likely to care about press freedom and fair elections—will seek their 
education abroad and likely remain abroad. 

The outlier status of the Russian kleptocracy is somewhat unique and 
defined by some international permutations that go back to the implosion of 
the Soviet Union in the 1990s. The Russian intelligence services had some 
strengths, but they also had many weaknesses. Vasili Nikitich Mitrokhin 
(1922-2004) was a trained archivist who served in the MGB (precursor to the 
KGB) beginning in 1948. Although he briefly served in undercover 
assignments in the Middle East, much of his career was spent as an archivist 
within the First Chief Directorate, initially at Karlshorst KGB headquarters 
in the GDR. After 1972, he was in charge of moving KGB archives from 
Lubyanka to Yasenevo near Moscow. In this capacity he had access to 
Directorate S (Illegals) files, which were among the most sensitive in the 
KGB. Recruited by MI-6 in 1984, Mitrokhin began creating his own archive 
of handwritten notes on KGB foreign intelligence, organized thematically 
and geographically into a major study of KGB operations that he took with 
him when MI-6 exfiltrated his family in 1992. Mitrokhin put together a 
26-volume history, portions of which were incorporated into a bestseller in 
collaboration with Christopher Andrew called The Mitrokhin Archive. In 
portions of that archive, Mitrokhin notes how the KGB, upon observing 
events organized in socialist countries outside the USSR by Western 
intelligence services to assess or develop Soviet citizens, failed to incorporate 
such techniques into their own counterintelligence operations targeting 
Western tourists visiting socialist countries in a similar manner. 
Interestingly, the KGB appears not to have simply involuntarily retired poor 
performers, at least in all cases. Mitrokhin references an individual 
code-named “Halef” who, after marginal performance in Asia, was placed into a 
rather significant role developing covert communications methods for 
overseas operatives and assessing border and customs procedures. He also 
notes that managerial discipline required mandating that persons working 
with the KGB adopt pseudonyms in the face of some opposition to do that. 
These, along with a multitude of other examples, show an organization 
whose tradecraft was sometimes merely adequate rather than preternatural. 
Yet in other areas the KGB showed real strength. Elements of the KGB 
having become quite expert at moving monies through Western financial 
institutions for operational purposes, when faced with a collapsing Soviet 
Union, utilized those skills to move massive amounts of state monies out of 
the country to private bank accounts in Europe and North America that 
would seed a massive transnational surge in corruption following the fall of 
the Soviet Union. Kleptocracies are a particular kind of authoritarian 
regime where personal enrichment of the ruling elite supersedes statecraft as a 
governing priority. In Putin’s Russia, former KGB officers (siloviki or 
“strongmen”) have networked with one another and cooperating criminal 
organizations to effectively own the entire economy under the facade of 
private property observed only at the convenience of the Putin government. 
Public officials and businesses serve the convenience of the oligarchs and 
their former KGB interlocutors, lest those businesses or public officials find 
themselves in legal jeopardy of one sort or another facilitated by bribed or 
coerced state bureaucrats. The vast sums pilfered in this way are then spirited 
out of the country and laundered in Western countries whose financial 
institutions share common cause with the kleptocrats in keeping the money 
flowing. Russia’s kleptocracy is a transnational authoritarianism with 
cooperating Western partners. The unique counterintelligence vulnerabilities 
of Russia’s outlier status then are manifested in part by a network of corrupt 
oligarchs whose financial interests span the globe but whose real loyalties are 
limited to corrupt financial arrangements. This “chain of corruption” leading 
from the oligarchs outside sovereign Russian territory creates a 
counterintelligence vulnerability, allowing adversary intelligence services 
outside Russia to conduct operations following that corrupt chain right back 
to targeted oligarchs. 

A common set of counterintelligence vulnerabilities across disparate 
varieties of authoritarian regimes are reviewed in Table 1, which may also 
imply common methods by which AISS confront the common threat of 
dissent and resistance. In addition to these common vulnerabilities, we can 
identify a sample of authoritarian outliers with additional vulnerabilities 
particular to their regime. This combination of common and outlier 
vulnerabilities, unique for each authoritarian regime, can help inform the 
process of mapping counterintelligence vulnerabilities across whole classes of 
autocracies. 


TYRANNY AND ITS CYBER-ENABLED DISCONTENTS 


The authoritarianisms of various stripes we have discussed all share an 
interest in impeding political dissent. Yet the newly coalescing cyberrealm 
threatens such regimes because digital technologies by their nature amplify 
voices, including dissenting voices, and digital platforms allow these voices to 
be heard far beyond the physical spaces authoritarian regimes can control. 
This cyberrealm, however, also creates opportunity for authoritarian states to 
mount counterintelligence operations against dissidents. Authoritarian states 
may now build counterintelligence ties between one another, engaging in 
mutual collection efforts on dissident individuals and organizations existing 
outside the physical territories of any given authoritarian regime. For 
example, both Saudi Arabia and the United Arab Emirates have targeted 
Qatari-funded Al-Jazeera journalists in offensive counterintelligence 
operations using an Israeli-affiliated nonstate organization’s malware 
product, exploiting what is known as a “zero-click” iPhone vulnerability. The 
malware has been used widely to target journalists, human rights lawyers, 
and political dissidents whose work is of sufficient annoyance to merit the 
attention of AISS. 

In the community of authoritarian regimes, counterintelligence operations 
targeting dissidents and human intelligence collection to control internal 
opposition are foundational to their governing structures—emerging mass 
surveillance technologies will facilitate this. While China is on the high end of 
quality cybersurveillance technologies, authoritarian states exist on a 
spectrum from lesser to greater levels of technology-infused surveillance. 
Developing world countries often have limited technological capacity and 
personnel with relevant technical skill sets. However, authoritarian regimes 
can bypass these domestic technology shortcomings by exploiting the 
commercial products of private companies on global markets selling big data 
analytics. For example, Myanmar’s military, known locally as the 
Tatmadaw, took advantage of the five-year interregnum of limited 
democracy under Aung San Suu Kyi’s National League for Democracy to 
acquire forensic and cybersurveillance hardware and software through the 
Home Affairs and Transport and Communications Ministries. While China 
and Russia have no domestic political impediments to selling surveillance 
software to authoritarian regimes, Myanmar’s Tatmadaw had little trouble 
buying from Western powers either. Western technology companies lax 
about due diligence in new markets and shadowy brokers and middlemen, 
like Myanmar’s Dr. Kyaw Kyaw Htun, imported high-quality surveillance 
equipment from companies like Sweden’s MSAB forensics tools, the formerly 
U.S. and now Israeli BlackBag Technologies, and others. The net effect was 
that the Tatmadaw’s generals could geolocate the voicing of dissent and 
associate it with identifiable dissidents. These commercial products give the 
authoritarian regime a mass surveillance capacity it would not otherwise 
have, but because the regime cannot produce such technology domestically, 
this dependence creates a counterintelligence vulnerability to supply-chain tampering. While 
the universe of commercial surveillance technologies is a dynamic and 
expanding universe, it is also a bounded universe. It creates a known set of 
surveillance technologies that dissidents or adversaries can estimate and 
model. The ability to model these known surveillance technologies likely 
correlates with the ability to develop countermeasures to defeat them. 
Yet developing world authoritarian regimes cannot as easily fix deficits in 
human capital. Even robust technology assets purchased on global markets 
are rendered weaker by untrained, ill-trained, or mal-trained operators. That 
operator and analyst deficit can be exploited in a counterintelligence context 
because even if you cannot evade the surveillance system, you may be able to 
evade the analyst monitoring the system. A weak cadre of analysts becomes a 
significant counterintelligence vulnerability. Additionally, access to superior 
intelligence collection technology will mostly fail to alleviate many AISS’ core 
tendencies to politically manipulate intelligence for their regime, waste efforts 
on overestimated threats, battle with rival security services, and fall victim to 
the paranoia and conspiracy thinking that drives the regime they serve. Good 
technology cannot routinely compensate for bad analysis. 


CYBERBORDERS AND LEGACY INFORMANTS 


In an effort to impede political dissent and decrease their vulnerabilities, 
authoritarian regimes are attempting to develop various iterations of defined 
cyberborders. Examples include China’s first Great Firewall, Iran’s Halal 
Internet, and Russia’s SORM-3. Each has taken a unique approach to the 
cyberborder concept. Chinese technologies are relatively sophisticated, and 
China’s cyberborder is directed at filtering unapproved information before it 
reaches Chinese citizens. By contrast, Russia leans on repressive legal 
consequences for Russian citizens accessing subversive information. China is 
widely proliferating its surveillance technologies, incentivizing their adoption 
in third countries by coupling their availability with “easy credit” Chinese 
loans. However, Russia’s approach, which is effectively an ad hoc 
combination of information control and legal intimidation of Internet service 
providers and citizens accessing subversive information, could be a better 
model for cash-starved developing world authoritarian regimes, particularly 
those in Russia’s near abroad. The traditional tool set for authoritarian 
states will remain fairly well developed and effective. However, overreliance 
on the traditional tool set in the face of the cascading global information and 
communications revolution creates counterintelligence vulnerabilities in 
virtual spaces. In many developing world authoritarian regimes, the 
traditional bag of tricks to maintain control and prevent dissent is still 
heavily reliant on multiple layers of informant networks with multiple 
internal security services only slightly updated to monitor social media and 
closed-circuit television systems in the public spaces of urban areas. The 
habits of a regime die hard. Authoritarians rely on the same tools because 
they are the tools they know. 

Fundamental to the authoritarian tool set is the role of informants who 
remain foundational to all authoritarian regimes and their internal security 
services. Yet the administrative pathologies in the internal security services 
incentivize perverse collection priorities. Often these are first to benefit the 
officer and the officer’s patronage network, second to benefit the internal 
security service itself (which supports the officers’ status in the regime), and 
only then to the larger political interests of the authoritarian regime. One 
unintended consequence of this system is that in societies where informants 
are ubiquitous, becoming an informant can be something of a job 
opportunity. In the case of “informant as opportunist,” informants become 
quite skilled at turning the tables on the process and spotting, assessing, 
developing, and recruiting their own handlers as personal assets rather than 
the other way around. The opportunist informants become quite professional 
at fulfilling their handlers’ wants and needs in return for the personal benefits 
of being an informer. In corrupt authoritarian regimes, where recruiting large 
numbers of informants may be viewed as career enhancing within the internal 
security services, recruiters may not much care about vetting these 
informants. Traditional methods for validating an informant’s bona fides 
may be overwhelmed by perverse incentives within the AISS to increase the 
volume or reporting bias of certain types of informants. 

Additionally, vetting informants working in virtual environments is 
likely a growing challenge for internal security services as the volume of 
routine and subversive activities in the cyberdomain expands. Traditional 
approaches to validating an informant’s access, motivations, and 
connections may be insufficient. Simply overloading a virtual space with 
regime informants may have destabilizing effects, reducing informant 
productivity in those virtual spaces. Fewer informants in a given virtual 
space (e.g., Facebook Groups) may increase the opportunity of resistance 
organizations to exploit that space. This would be particularly true when 
authoritarian regimes face technological and human capital deficits, 
making it difficult for them to keep up with the virtual networks of 
resisters. If the resistance can estimate virtual informant density in a 
given virtual space, they can gain an advantage. It becomes a matter of 
hiding operations in virtual places and with people who do not trip the 
wires of the AISS. For example, informants may infiltrate and monitor 
private Facebook groups while failing to infiltrate online gaming 
environments used to exchange information. That is exploitable and 
degrades the utility of the informant system to the AISS. 


THE RISE OF ARTIFICIAL COUNTERINTELLIGENCE 


The increasing importance of artificial intelligence (AI) in this environment 
portends the development of counter-AI capabilities, creating what amounts 
to a spiraling race for superior algorithms. For example, an adversary may 
attempt to disrupt AI-driven social media collection by inserting and 
magnifying messages intended to deceive the AI collection platforms. The AI 
collection platform then incorporates modalities to filter the deceptive social 
messaging and so on. In circumstances where regime algorithms are being 
deceived by a resistance group or other adversary’s algorithms, the role of 
ferreting out deception becomes challenging. What may emerge in this 
context is a requirement for fewer human analysts exercising higher levels of 
cognition outside the boundaries of the algorithms. It is possible that the 
algorithm arms race may resemble the current algorithm-driven, high-speed 
trading that occurs on Wall Street, where human analysts control only a 
small portion of trades and reactions to market data. Applied to AISS 
operations, this could mean that intelligence can be collated, discarded, 
queued for human analysis, or acted on at a faster rate. If the algorithms are 
designed poorly, however, this may lead to faster but lower-quality actions 
being taken. 

Authoritarian regimes share some common characteristics, common 
pathologies, and common counterintelligence vulnerabilities. Among these 
vulnerabilities, AISS are typically burdened with analytic biases, including 
recirculating and encouraging the paranoid viewpoints their leaders espouse 
and focusing too much on yesterday’s threats and too little on emerging 
threats. However, mass surveillance technologies are changing the dynamics 
of AISS counterintelligence operations—they now can purchase quality 
surveillance technology products in global markets, qualitatively improving 
their operational capacity to engage dissent even beyond the range of their 
borders but limited by the open nature of the technology and their own 
human deficits. These new surveillance technologies will likely still feed into a 
system rife with analytic bias. 

Cyberborders present a qualitatively and quantitatively new 
counterintelligence problem set but also provide new targeting possibilities 
for offensive counterintelligence operations. The disparate informant 
networks foundational to all authoritarian regimes, which now extend into 
the cyberrealm, may prove more susceptible to mapping and geolocation, 
facilitating the development of countermeasures by adversary intelligence 
services and regime political dissidents. The infusion of AI into surveillance 
technologies and social engagement in cyberspaces between AISS and regime 
dissidents will likely continue to scale with unforeseen results. AI could 
encourage improved analytic methods for AISS but could also reinforce bad 
analytic habits and biases. For the leaders of authoritarian regimes and 
resistance movements, investments in well-trained analysts and operators 
using good analytic tradecraft—perhaps matched with AI systems less 
skewed by ingrained biases that alert analysts to key events and 
developments—will likely prove to be a critical factor in counterintelligence 
battles of the future. 